Microsoft kicked off 2009 with a very interesting critical security update on the first “Patch Tuesday” of this year: MS09-001, “Vulnerabilities in SMB Could Allow Remote Code Execution,” addresses issues with the Server Message Block protocol that go all the way back to Windows 2000 (and would go further, except that’s where the Microsoft “update horizon” kicks in). This update addresses three vulnerabilities in all:
- SMB Buffer Overflow Remote Code Execution Vulnerability (CVE-2008-4834)
- SMB Validation Remote Code Execution Vulnerability (CVE-2008-4835)
- SMB Validation Denial of Service Vulnerability (CVE-2008-4114)
Of those three, the first is the scariest because it allows forged SMB packets to compromise a machine at the System level on any Windows PC running the Server service (except for Vista and Server 2008). That said, this is a “theoretically possible” exploit, rather than a known or demonstrated one. Number 2 is similar to number 1 except that it could affect Vista and Server 2008, but not in their default configurations. It’s more likely, in fact, that 1 and 2 will produce the same effect as number 3, a denial of service for SMB hosts (again except for default Vista and Server 2008 configurations), than that they will actually result in remote code execution. But whether you’re ducking a system takeover or just a DoS, this patch is definitely worth applying to your Vista systems anyway.
Other items from this Patch Tuesday include:
- Updates for the various MS email (Outlook and MS Mail on most Vista machines) Junk Email Filters (KB959141 and KB905866)
- Malicious Software Removal Tool for January, ’09 (KB890830)
These are entirely routine, and while worth grabbing, don’t really cry out for much attention or coverage. I also found a Realtek RTL8168B/8111B GbE Interface update in my queue, for several of my Vista machines including both notebooks and desktops, so I suspect others will see and welcome this driver update as well (installed without a glitch on all affected machines).